A recent phishing campaign targeted a major US-based energy company [4], as well as other industries such as manufacturing, insurance [1] [3] [4], technology [1] [3], and financial services [1] [3]. This campaign [1] [2] [3] [4], which began in May 2023 [2], utilized over 1,000 emails [1] [2], with approximately 29% of them containing malicious QR codes aimed at stealing Microsoft credentials [1]. This occurrence marks the first known instance of QR codes being used on such a large scale [4], indicating the possibility of more attackers testing their effectiveness.


The phishing emails in this campaign employed PNG image attachments and redirect links associated with Microsoft Bing, Salesforce [1], and CloudFlare’s Web3 services [1]. The emails falsely claimed that recipients needed to update their account’s security settings and directed them to a Microsoft credential phishing page [1]. By embedding QR codes in images [4], the threat actors were able to evade email security tools that scan for known malicious links [4]. Additionally, they utilized legitimate services and base64 encoding to conceal the phishing link and bypass email protection filters [4]. The majority of the phishing emails delivered Microsoft credential phishing links or phishing redirects via an embedded QR code [2], with the Bing redirect URLs being the most common. Since May 2023 [2], the campaign has experienced a significant increase of over 2,400% in volume [2].


It is crucial to note that QR codes have the ability to bypass security measures and reach users’ inboxes. Therefore, it is imperative for employees to be trained not to scan QR codes in emails in order to ensure account and business security. Organizations are advised to consider implementing image recognition tools as part of their phishing protection measures [4], although it is important to acknowledge that these tools are not foolproof and may not detect all QR code threats. The impact of this phishing campaign, along with the potential for future attacks utilizing QR codes, highlights the need for heightened vigilance and proactive measures to safeguard against such threats.


[1] https://www.darkreading.com/attacks-breaches/qr-code-phishing-campaign-targets-top-u-s-energy-company
[2] https://securityboulevard.com/2023/08/major-energy-company-targeted-in-large-qr-code-campaign-2/
[3] https://siliconangle.com/2023/08/16/malicious-qr-code-hacking-campaign-targeting-microsoft-credentials/
[4] https://cyber.vumetric.com/security-news/2023/08/16/major-u-s-energy-org-targeted-in-qr-code-phishing-attack/